Product Update: Scaling Student Data Access with User Roles & Data Permissions
March 20, 2023
Securing and managing access to student records is vital to all stakeholders. As Orah continues to expand its range of products and services, we're committed to addressing this challenge head-on. Today, we're excited to announce the release of our latest feature - user roles and data permissions for improved access management.
We will take you through exactly what has changed, how to make the most of these new tools and our recommendations on how your school should manage access.
User roles: set & control access across your school
Role based access management allows school administrators to create multiple role profiles, and assign one or more to staff users, creating ‘recipes’ of access that meets the needs of centrally managed access control, while still maintaining a level of flexibility for specific user types.
Feedback from schools was that having better overall visibility of what users can access was an important outcome of this project and the roles overview provides that for schools that adopt this feature.
Quickly manage permissions for different user groups, and ensure that everyone has the appropriate level of access.
Assigned students: advanced control of student data
In addition to better controls of the products and areas of functionality each user has access to, we have listened to customer feedback about the need to have more control and flexibility with student data records.
Our new "Assigned Students" feature empowers schools to establish a set of rules, or 'recipe,' determining which staff members can access specific student data records.
To facilitate this:
- The existing ‘Houses’ feature has been extended to be more centrally managed
- If integrated with Orah, Groups or classes (SIS Groups) can automatically assign users to student records based on their roles in the school information system.
- Tags continue to offer granular access to student groups within Orah.
The "Assigned Students" functionality is now accessible through both user roles and individual user additional permissions settings.
What this changes for you
We have been careful to avoid any changes that would cause your existing users to be impacted - no action is needed by you right away, but some changes have been made to staff user management.
Adding new users
You should expect some changes to the layout and options of the “User Invite” page. We have covered this in detail in our “Inviting staff users guide” but additions include the ability to assign a role to staff users when inviting them, assign houses to users, set user-level permissions as needed and a new look ‘pending invites’ page.
Assigning staff users to houses
Assigning users now takes place within the configuration settings of each House, allowing schools to centrally manage the assignment of staff users to houses.
The “Access” tab changes to “Additional permissions”
With the introduction of user roles, staff users can now have permissions set at the role level, or at individual level via the ‘Additional Permissions’ tab. This view is similar to the previous ‘Access’ view and the previous access settings will be available within Additional Permissions.
As mentioned above, assigned students is our new way of managing student data record access.
Best practice recommendations
If you have less than a dozen users, you may be tempted to leave your existing setup as it is. While we can understand why, we think moving to a role based access model is the best approach for all schools:
- As staff join, leave or change positions, changes are more efficient and easier to manage with user roles.
- If new products are added, setting the right level of access for each user is easy to do.
- No matter what size, schools need to ensure they have good oversight and control over access to student records, and user roles are the most robust way of doing so.
Our best practice guide details our recommendations further.
We know that this change requires a little bit of work, but we think it benefits everyone.
Please remember that our customer success team is available to support you - get in touch with your representative or if you are unsure, please reach out to us.